Software Defined Network for Internet of Things

Transcription

Software Defined Network
for Internet of Things
Sunyoung Han
Konkuk University
[email protected]
14 July 2016
WUNCA33, Chulalongkorn University, Thailand
Contents
1. SDN
- OpenFlow, Open vSwitch, Controller, OpenStack, NFV
2. IoT
- IoTivity, CoAP, 6LoWPAN, Raspberry Pi & Arduino, Security
3. SDN for IoT
3
Introduction
(Software Defined Network)
SDN(Software Defined Network)
• What is SDN?
– Control and Data planes are decoupled.
SDN Architecture [ONF]
SDN Open Interfaces [TTA]
Ref.[1][2] https://www.opennetworking.org/about/onf-overview, http://www.tta.or.kr/index.jsp
4
• Need for SDN
– Layered architecture with standard Open interfaces
– Experiment and research using non-bulky, non-expensive
equipment
– More accessibility since software can be easily developed
by more vendors
– More flexibility with programmability
– Ease of customization and integration with other software
applications
Ref.[1][2] https://www.opennetworking.org/about/onf-overview, http://www.tta.or.kr/index.jsp
5
• SDN Controller
6
7
OpenFlow
8
What is OpenFlow?
• “OpenFlow is based on an Ethernet switch, with an internal flowtable, and a standardized interface to add and remove flow entries.”
– Nick Nckeown, et al., “OpenFlow: enabling innovation in campus networks,”
ACM SIGCOMM Computer Communication Review, Vol. 38, Issue 2, pp.69-74,
April 2008.
Control Function
ForwardingEngine
Engine
Forwarding
Flow table
Basic idea of OpenFlow
• Separate Control function and Forwarding engine
– OpenFlow Controller
– OpenFlow Switch
• Provide standard interface to control forwarding engine
9
10
OpenFlow
• OpenFlow allows direct access to and manipulation of the
forwarding plane of network devices such as switches and
routers, both physical and virtual (hypervisor-based).
Control plane
OpenFlow Controller
OpenFlow Protocol
Forward to Controller
Packet
Flow Table
OpenFlow Switch
Data plane
OpenFlow
Ref.[3] http://www.slideshare.net/ireri339/sdndstw-ryu-developing
Packet
Drop
11
OpenFlow Switching
OpenFlow Switch
Software
Layer
Hardware
Layer
*
MAC
src
*
MAC
dst
port 1
5.6.7.8
Controller
OpenFlow Table
*
IP
Src
IP
Dst
5.6.7.8
port 2
*
TCP
TCP
sport dport
*
port 3
Ref.[37] http://cleanslate.Stanford.edu, The Stanford Clean Slate Program
OpenFlow
Protocol
Action
port 1
port 4
1.2.3.4
OpenFlow Table Entry
Ref.[37] http://cleanslate.Stanford.edu, The Stanford Clean Slate Program
12
OpenFlow Protocol
• Controller with Switches
• Maintains flow tables in OFS
– Create
– Delete
•
•
– Modify
Notify unknown packet to OFC
Gather information and statistics
13
OpenFlow Specification
• Current OpenFlow specification is v1.4
• Components
– Secure Channel
– Controller
– Switch
• Flow table
14
Components
• Switch
– Forwarding received packets according to flow tables
– If unmatched packets are received, send packet-in message to
controller
• Controller
– Handles packet-in event from switches
– Communicates via TCP port 6633
– Create flow table
– Modify flow table
– Delete flow table
15
Flow Table
• Match fields: to match against packets.
– Ingress port, packet headers and optionally metadata specified by
a previous table.
• Priority: matching precedence of the flow entry.
• Counters: updated when packets are matched.
• Instructions: to modify the action set or pipeline processing.
• Timeouts: flow expiration time by the switch.
• Cookie: opaque data value chosen by the controller.
– May be used by the controller to filter flow statistics, flow modification
and flow deletion.
– Not used when processing packets.
Ref.[36] OpenFlow Speciifcation 1.4, ONF
16
Packet Flow Processing
Ref.[36] OpenFlow Speciifcation 1.4, ONF
17
18
Matching
• Forwarding the packet to the controller when the packet
came in unknown
Ref.[4] OpenFlow Specification 1.3, ONF
Matching Process
19
Open vSwitch
20
Open vSwitch
• OpenvSwitch is Open Source Software for OpenFlow Switch
• Network interface devices connect to Open vSwitch bridge’s
ports, and the ports can be configured like a physical switch’s
port
VM
vNIC
Virtual
Network
vNIC
Physical Network
Ref.[5] https://www.openvswitch.org/
Open vSwitch Architecture
VM
vNIC
VM
vNIC
vSwitch
Hypervisor
SERVER
Open vSwitch
• Features
– Multicast snooping
– IETF Auto-Attach SPBM and rudimentary required LLDP support
– Fine-grained QoS control
– OpenFlow protocol support (including many extensions for
virtualization)
– IPv6 support
– Multiple tunneling protocols (GRE, VXLAN, STT, and Geneve, with IPsec
support)
– Remote configuration protocol with C and Python bindings
• Download Link
– http://openvswitch.org/download/
21
22
The Main Components
Controller
ovsdb-server
ovs-vswitchd
User
Management Protocol (6632/TCP)
OpenFlow (6633/TCP)
Netlink
OVS Kernel Module
Kernel
23
Controller
(OpenDaylight / ONOS)
24
Controller
C / C++
C++ / Python
Python
JAVA
Ref.[35] SangYun Han, “ONOS SDN Controller”, Kyunghee Univ. MOBILE CONVERGENCE LAB.
25
Opendaylight
Beryllium Release (March 2016)
OpenDaylight
• OpenDaylight is Open Source Software for SDN/NFV
• OSGi framework support
• REST support for Northbound API
• Supported protocols (Southbound Interface)
– OpenFlow, NETCONF, OVSDB, CoAP, etc…
• Download Link
– https://www.opendaylight.org/software/release-archives
26
OpenDaylight
• Membership
27
28
OpenDaylight
• Release
Name
Date
Hydrogen (Service Provider)
February 4, 2014
Hydrogen (Base)
February 4, 2014
Hydrogen (Virtualization)
February 4, 2014
Helium
September 29, 2014
Helium-SR1.1
December 18, 2014
Helium-SR1
Lithium
Helium-SR4
November 10, 2014
June 29, 2015
August 11, 2015
Helium-SR2
January 27, 2015
Lithium-SR1
August 18, 2015
Lithium-SR3
December 3, 2015
Lithium-SR4
March 4, 2016
Helium-SR3
Lithium-SR2
Beryllium
Beryllium-SR1
March 17, 2015
October 8, 2015
February 22, 2016
March 22, 2016
OpenDaylight
• ‘PUT’ operation cycle
– 'POST' request in XML or JSON format is to use the ‘Config’ datastore.
• ‘GET’ operation cycle
– To receive information from the datastore for controller, XML or JSON
Ref.[7] https://wiki.opendaylight.org/view/Main_Page
29
OpenDaylight
•
AD(API-Driven)-SAL
–
Plugins can be data providers or data consumers or both
–
Translation between SB plugin API and abstract NB API is done in the abstraction module in AD-SAL
–
•
–
SAL APIs request routing between consumers and providers, and data adaptations are all statically
defined at compile/build time
AD-SAL has both NB and SB APIs
MD(Model-Driven)-SAL
–
–
–
–
–
SAL APIs request routing between consumers and providers are defined from models, and data
adaptation are provided by internal adaptation plugins
API code is generated from models when a plugin is compile
• API code is loaded into the controller along with the rest of the plugin containing the model
when the plugin OSGi bundle is loaded into the controller
Service adaptation is provided by plugin
• An adaptation plugin is a regular plugin
• Model to model translation between two APIs
Provider and consumer plugins can exchange data through the MD-SAL storage
MD-SAL allows both NB plugins and SB plugins to use the same API generated form a model
Ref.[9] https://github.com/opendaylight/docs/blob/master/manuals/developer-guide/src/main/asciidoc/controller/mdsal-faq.adoc
30
31
ONOS
SDN Network Operating System & SDN Control Platform
ONOS
Their mission is to enable Service Providers
To build real SDN/NFV solutions.
32
ONOS
33
ONOS community
34
ONOS
• OSGi based OSS Karaf
• Deploy, Config • Multiple Instance Clustering
• Distributed Clustering
• Sync, Share • Fault tolerance using Distributed Core
• Dynamic Clustering
High Availability
High Performance
Scalability
White Box (Open)
• High Throughput
• ~500K - 1M path setups/second
• High Volume
• ~500GB – 1TB state data
• Low Latency
• 10 ~ 100ms
ONOS
• Architectural Tenets
– High availability, scalability and performance
– Strong abstractions and simplicity
– Protocol and device behavior independence
– Separation of concerns and modularity
35
ONOS
36
ONOS Overall Architecture
Application layer for
specific services
Transfer network
information to the
application layer,
The key role of
provides interface
ONOS, distributed
for the control subclustering
Provide
an interface for
components
capabilities
for HA
network
infrastructure
andcontrol,
Scalability
Network
Element abstraction
Protocol for the
Network Element Set
OpenFlow : SDN
NetConf : Legacy
37
OpenStack
What is OpenSource?(1/8)
• The Open Source Definition
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Free Redistribution
Source Code
•
The program must include source code
•
The license must allow modifications and derived works
Derived Works
Integrity of The Author’s Source Code
No Discrimination Against Persons or Groups
No Discrimination Against Fields of Endeavor
Distribution of License
License Must Not Be Specific to a Product
License Must Not Restrict Other Software
License Must Be Technology-Neutral
Ref.[34] http://opensource.org , Open Source Initiative
38
Ref.[10] HyeonJeong Jang, “Openstack_in_OpenSource”, OpenStack Korea Community
39
“OCF is a standard & open source project that
delivers “just-works” interconnectivity for
developers, manufacturers and end users.”
Ref.[30] Soohong Daniel Park, Ph.D., “Samsung OpenSource & IETF”, IETF mirror forum technology workshop
40
41
• OCF Memberships
+180 Members
• Join as a OCF member
Members of Board of Directors
• Certify spec compliant apps and devices
• Use OCF branding
• Benefit from patent cross-licensing protection
• Go to www.openconnectivity.org for membership
• OCF Architecture
42
• OCF Protocols
– OCF Protocol
• Supporting CoAP (Constrained Application Protocol)
• Supporting Wi-Fi, BT, BLE (ZigBee, Z-Wave – TBD)
– CoAP
• UDP based (TCP for Remote/Cloud Connection)
• Multicast (for Discovery)
• IETF CoRE Working Group Standards (RFC7252)
43
• OCF - IETF Collaboration
OCF
44
45
• IoTivity Resource
•
Resource registration (server)
•
Device discovery with filtering (client)
– e.g. GET /oc/core?rt=light
•
Resource discovery (client)
Get
OCF Client
Set
•
•
Property attributes (get/ set/ observe) (client/ server)
Resource tree (resources with sub-resources)
What’s your Status?
I’m Off.
Set your Status to On
OK.
OCF Server
R
OpenStack: Logical Architecture(1/4)
46
OpenStack (Recent Release Version)
Year
2016
2015
Version
2016.04.07 Mitaka Release
2015.10.15 Liberty Release
2015.04.30 Kilo Release
2014
2014.10.16 Juno Release
2014.04.17 IceHouse Release
2012
2012.09.27 Folsom Release
2012.04.05 Essex Rlease
2010
2010.10.21 Austin Release
2013
2011
2013.10.17 Havana Release
2013.04.04 Grizzly Release
2011.09.21 Diablo Release
2011.04.15 Cactus Release
2011.02.03 Bexar Release
47
OpenStack(3/4)
Ref.[27] JaeSeok An, “OpenStack”, KRnet, 2016
48
OpenStack: Logical Architecture(4/4)
OpenStack
• Compute Service – Nova
• Object Storage Service – Swift
• Image Service – Glance
•
•
•
•
•
• Telemetry Service – Ceilometer •
•
• Orchestration Service – Heat
•
Authentication Service – Keystone
Network Service – Neutron
Block Storage Service – Cinder
Dashboard Service – Horizon
Database Service – Trove
Elastic Map Reduce – Sahara
Bare-Metal Provisioning – Ironic
Containers Service - Magnum
49
50
NFV
(Network Function Virtualization)
Network Function
• 4G Network… EPC(MME, S/P-GW,..), Middle Boxes at SGi-LAN)
• Middle Boxes at Cloud Center ( Portal, Enterprise, University,…)
Ref.[31] Younghan Kim, “NFV”, Soongsil University
51
Network Function & Service Function Chain
• 4G Network… EPC(MME, S/P-GW,..), Middle Boxes at SGi-LAN)
Ref.[31] Younghan Kim, “NFV”, Soongsil University
52
53
NFV and SDN
• NFV
SDN
Creates
competitive
supply of
innovative
applications by
third parties.
Open
Innovation
Software
Defined
Networks
Network
Functions
Virtualization
Creates network
abstractions to
enable faster
innovation.
Reduces CAPEX, OPEX,
Space & Power
Consumption.
Comparison of NFV and SDN
Ref.[13] Sungwon Lee, “SDN/NFV foundation, technology evolution and development”, Kyunghee University
54
NFV Functional Architecture
SW Instances
VNF Instances
VNF
VNF
VNF
VNF
NFV Infrastructure(NFVI)
Virtual Resources
Virtualization SW
HW Resources
Virtual
Compute
Virtual
Storage
Virtual
Network
Compute
Storage
Network
Virtualization Layer
NFV Functional Architecture
Examples of VNFs
-
Home routers and set
top boxes.
Security functions :
Firewalls, intrusion
detection systems.
Mobile network nodes :
HLR/HSS, MME, SGSN,
GGSN/PDN-GW, RNC.
Ref.[12] Insun Jang and Sangheon Pack, "NFVRG" Technology Trends Updates”, IETF mirror forum technology
workshop
OPNFV
• OPNFV(Open Platform for NFV)
–
–
–
–
Open source project
To accelerate the introduction of new NFV products and services
Releases : Arno(June 4, 2015), Brahmaputra(February 25, 2016)
Goals
• Develop an integrated and tested open source platform that can be used
to build NFV functionality, accelerating the introduction of new products
and services
• Include participation of leading end users to validate OPNFV meets the
needs of user community
• Contribute to and participate in relevant open source projects that will be
leveraged in the OPNFV platform; ensure consistency, performance and
interoperability among open source components
• Establish and ecosystem for NFV solutions based on open standards and
software to meet the needs of end users
Ref.[32] https://www.opnfv.org/about
55
Brahmaputra
•
•
Brings rich platform-level testing of NFV functionality and use cases to the industry
Enhanced stability, system and unit testing and integration, infrastructure and
documentation
Ref.[33] https://www.opnfv.org/software
56
57
Introduction
(Internet of Things)
4 Key elements for IoT service
• Device + Network + Platform + Application = IoT service
Ref.[15] Younghan Kim, “IoT, Openstack, DevOps”, Soongsil University
58
Key Features of IoT Data
• Key performance measure are “connections”, “Transactions”
and “Accumulation”
59
Technical requests for Openstack as a IoT-Cloud Platform
• QoS, I/O guaranteed
• Feature of Message Broking
• Management Integration
• Application performance monitoring
• Easy to manage data stores and ETL(Extract, Transform, Load)
60
QoS, I/O guaranteed
61
Feature of Message Broking
• Message Broker :
– Pub/Sub model (Distributed processing)
– Asynchronous I/O
– Retrying tasks if workers fail
• Support multiple protocol for IoT :
– MQTT
– Kafka : A high-throughput, distributed, publish-subscribe messaging system
– CoAP
– HTTP/2
• QoS Control:
– Bandwidth
– Priority
62
63
Management integration
• Management integration includes:
Deploy
Automation
Authentication
Monitoring
Application performance monitoring
• Data Gathering and Visualizing for AP monitoring :
64
Easy to manage data stores and ETL
• Easy to manage various data stores
– RDB : mysql, PostgreSQL
– NoSQL : mongoDB, CouchDB,…
– KVS(cache) : Redis, Couchbase, Cassandra, …
• Easy to manage various data extract, transform and load
– (ex.1) KVS to NoSQL
– (ex.2) NoSQL to Object storage
65
IoT architecture in NTT DATA
66
IoT architecture on Openstack
67
Some other Requirements in Platform
• Scalability
• Lifecycle Management
• Peer to Peer
68
69
Network Side
New Considerations
Endpoint-Aware Service Function Chaining
70
Service function chaining for the IoT data plane
• Protect IoT assets, gather network telemetry data, prescribe
high value network services
71
Mobile Network Slicing for IoT
72
73
Mobile Edge Computing and vCPE network services
• Virtual network services are now available at the network
edge
74
DevOps(CI,CD)
Recall IoT Building Blocks
• Connectivity
• Device Management
• Information Management
75
What’s Continuous Integration?
• In software engineering, continuous integration (CI)
implements continuous processes of applying quality
control – smart pieces of effort, applied frequently.
• Continuous integration aims to improve the quality
of software, and to reduce the time taken to deliver
it, by replacing the traditional practice of applying
quality control after completing all development.
76
Continuous Integration
• Continuous Integration is a software development
practice where members of a team integrate their
work frequently, usually each person integrates at
least daily – leading to multiple integrations per day.
• Each integration is verified by an automated build
(including test) to detect integration errors as quickly
as possible.
77
Continuous Integration Benefit
• Project Management
 Detect system development problems earlier
 Reduce risks of cost, schedule, and budget
• Code Quality
 Measureable and visible code quality
 Continuous automatic regression unit test
78
Ingredients of DevOps
• Tools
– Source Code Management, e.g. Git
– Artifact repository, e.g. maven
– Review Management System, e.g. Gerrit
– Integration Engine, e.g. Jenkins
– Configuration management system, e.g. Ansible, Chef
– Test Harness, e.g rally, tempest, yardstick
– Flexible System Deployment, e.g Vagrant
• Principles and Practices
– Infrastructure as code
– Declarative Topologies
– Test driven development
– Agile development
79
Jenkins – Fitting in
80
Jenkins Features
• Trigger a build
• Get source code from repository
• Automatically build and test
• Generate report & notify
• Deploy
• Distributed build
81
Case Study : Verizon PoC : Problems
• Take 2~3 months to release new features
• With DevOps  change IT development lifecycle
– Spin environment in minutes
– Run thousand of test cases in a single click
– Make releases in week
• Network Function Upgrades
– Upgrade a firewall or a packet gateway  setup environment, take a
week  not end-to-end automation
– How to make upgades agile ?
82
NFV CI/CD Automation Use cases
• Use cases
– Ericsson Virtual Router Onboard and Instantiate
– Virtual Router Seamless Upgrade
• NFV CI/CD benefits
– Enable DevOps for VNF deployments
– Shorten TTM for product features updates
– Increase quality by streaming deployments
– Minimize recurring costs and efforts for deployments and upgrades
83
NFV DevOps Life cycle Automation PoC
• Integrate two development life cycle
84
Infrastructure as code
• Configuration management on steroid
• Core tenet of DevOps
• Bring tried and tested practices from software engineering
into infrastructure operations
• Revision control
– Use git tools
– Track both what was changed and why
– Audit all changes to the cluster
– See precisely what has changed between two points in time
85
Other Case :OPNFV Octopus CI/CD approach
86
Discussion
• Standards vs OpenSource Project ?
• Protocol vs API ?
• KR Position in IoT ?
87
88
IoTivity
Reasons for Standard
• Interoperability
• Collaborative deployment
• Cost efficiency
89
Reasons for Standard
• Interoperable devices and features are tremendously growing up
90
Introduction to IoTivity (1/2)
• AllSeen Alliance vs. OIC (Open Interconnect Consortium)
Ref.[16] Jaehoon Jeong, “IoTivity:OFC_Open_Source_Project”, KRnet, 2016
91
Introduction to IoTivity (1/2)
• OCF (Open Connectivity Foundation)
92
Conceptual Architecture of IoTivity
93
94
IoTivity Framework
Additional
Service
Basic
Service
IoTivity Base 2
(C++ SDK)
IoTivity Base 1
(C API Stack/
Internal)
Transport
Protocol
REST
Framework
Control/Controllee
Manager
Software
Sensor
Manager
Protocol
Plugin
Manager
Things
Manager
Notification
Manager
Resource Manager
(Registration, Discovery, Attribute GET/SET/OBSERVE)
JSON
Encoder/Decoder
OCSocket
Connectivity
UDP/IP
OCStack
OCCoAP (Transport)
libcoap-4.1.1
Logger
TCP/IP
(Future)
ocrandom
ocmalloc
Future PAN
(Future)
95
IoTivity Stack
Application
IoTivity Base(C++ SDK)
Application
IoTivity Base(C SDK)
IoTivity Base(C SDK)
CoAP
CoAP
UDP / IP
UDP / IP
Resource API
For Unconstrained Devices
Resource API
For Constrained Devices
AllJoyn Stack
Application
Base Service Frameworks
AllJoyn Core Frameworks
AllJoyn Router
AllJoyn Software
Frameworks
96
97
IoTivity vs. AllJoyn
• Comparison between IoTivity and AllJoyn
IoTivity
AllJoyn
Feature
RESTful
RMI
Management
Resource
BusObject
Topology
Point to Point
Mesh of Stars
Protocol
CoAP
D-Bus
98
Interaction between OIC Client & Server
2. Light Bulb Resource Discovery (GET)
3. Status Query for Light Bulb (GET)
4. Config Query for Light Bulb (PUT)
5. Status Observation Query (GET)
OIC Client
(User)
OIC Server
(Resource)
1. Resource
Registration
99
Registering a Resource
ISV
Server
App
Server
Wrapper
(internal)
SDK
OCStack
(internal)
[1]Platform.registerResource(…)
[2]InProcServer.registerResource(…)
[3]OCCreateResource(…)
OCStackResult
Failure / Success
Failure / Success
100
Discovering a Device/Resource
OIC Client
(Smartphone)
Application
C++ API
(SDK)
C API
(Stack/Internal)
IoTivity
Device
(2) Reply from the
Corresponding IoT
Devices in Unicast
(1) Query in Multicast
(e.g., GET/oc/core?rt=light)
OIC Server
(IoT Devices)
IoTivity
Device
IoTivity
Device
IoTivity
Device
101
Querying a Resource State (GET)
Client
ISV
Client
App
Client
SDK
[1]resource.get(callback)
Client
Wrapper
(Internal)
Client
OCStack
(Internal)
Server
OCStack
(Internal)
Server
Wrapper
(Internal)
Server
SDK
Server
ISV
Server
App
[2]InProcClient.get(callback)
[3]OCDoResource()
Failure / pending
[4] GET /light/1
[5]call entity handler
[6] call OCResource
[7] InProcClient.get()
[11] ACK, CONENT
[13] asyncResultHandler
Resource
Get
[10] Return code
[9] Return code
[8] Return code
[12] invoke
wrapperAsyncCallbackFunc
Get
Request
Call Entity
Handler
Return
Result code
102
Setting a Resource State (PUT)
Client
ISV
Client
App
Client
SDK
Client
Wrapper
(Internal)
[1]resource.put(attributeMap,
callback)
[2]InProcClient.setResourceAttributes
(attributeMap, callback)
Client
OCStack
(Internal)
Server
OCStack
(Internal)
Server
Wrapper
(Internal)
Server
Server
SDK
ISV
Server
App
[3]OCDoResource()
Failure / pending
[4] PUT /light/1
[6] call OCResource
[7] InProcClient.put(attributeMap)
[11] ACK, CHANGED
Resource
Put
[10] Return code
[9] Return code
[8] Return code
[12] invoke
Put
Request
Call Entity
Handler
Return
Result code
103
Observing a Resource State (1/2)
Client
ISV
Client
App
Client
SDK
[1]resource.observe()
Client
Wrapper
(Internal)
[2]InProcClient.observe()
Client
OCStack
(Internal)
Server
OCStack
(Internal)
Server
Wrapper
(Internal)
ISV
Server
App
[4] GET /light/1
[11] ACK, CONTENT
Resource
Observe
Server
SDK
[3]OCDoResource()
Failure / pending
Server
[10] Return code
[6] call OCResource
[9] Return code
[7] InProcClient.observe()
[8] Return code
[12] invoke
Observe
Request
Call Entity
Handler
Return
Result code
104
Observing a Resource State (2/2)
Client
ISV
Client
App
Client
Wrapper
(Internal)
Client
SDK
Notification
Client
OCStack
(Internal)
Server
OCStack
(Internal)
[17] CON, CONTENT
[18] invoke
Server
Wrapper
(Internal)
[16] OCNotifyObservers()
Server
ISV
Server
App
Server
SDK
[14] Change Event
[15] OCNtifyObserves()
Cancellation
[20]
Result
[21]
[22] OCCancel()
[23] GET /light/1
Trans
Notify
Event
Installation (1/5)
• How You Can Use
– Use the code from IoTivity.org
• Open to any individual or company
• Code is available at IoTivity.org under the Apache v2.0 license
105
Installation (2/5)
• Install
– https://www.iotivity.org/documentation/linux/getting-started
$ sudo apt-get install git-core
$ sudo apt-get install scons
$ sudo apt-get install ssh
$ sudo apt-get install build-essential g++
$ sudo apt-get install libglib2.0, scons, unzip, uuid-dev, python-dev,
autotools-dev, libicu-dev, libbz2-dev
106
Installation (3/5)
• Download Libraries
$ tar xzvf boost_1_55_0.tar.gz
$ cd boost_1_55_0/
$ ./bootstrap.sh --with-
libraries=system,filesystem,date_time,thread,regex,log,iostreams,
program_options --prefix=/usr/local
$ sudo apt-get update
$ sudo apt-get install python-dev autotools-dev libicu-dev buildessential libbz2-dev
107
Installation (4/5)
$ sudo ./b2 install
108
$ sudo sh –c ‘echo ‘/usr/local/lib’ >> /etc/ld.so.conf.d/local.conf’
$ sudo ldconfig
Installation (5/5)
• Download IoTivity source code.
• Build the IoTivity project for linux.
– $ <..iotivity directory..> scons
• After build, sample code had made in
<iotivity>/out/ directory.
109
Demonstration
110
Access the IoTivity Website
111
Access Get-Involved Webpage
112
11
3
CoAP
114
CoAP
• Constrained Application Protocol (CoAP)
– IETF Standard in CoRE Working Group: RFC 7252
– CoAP is one of the open standards communication protocols for IoT
– CoAP use a Web-based model, HTTP-like but based on UDP
– URI and content-type support
– Asynchronous message exchanges
– DTLS for Secure
– CoAP defines 4-type Messages
using a 4-byte, binary, and base
header format with binary options.
Application
Request /
Responses
Message
UDP / DTLS
CoAP
115
CoAP
• CoAP Message Format
0
Ver T
TKL
0xff
8
Code
16
24
Message ID
32
Token (if any, TKL bytes) …
Options (if any) …
Payload (if any) …
• Ver (Version) : CoAP version number (01)
• T (Message Type) : Confirmable (0), Non-confirmable (1),
Acknowledgement (2), or Reset (3)
• TKL (Token Length) : The length of the variable-length Token field (0-8 bytes)
• Code : 3-bit class (e.g., request and success response) and 5-bit details
• Message ID : To detect message duplication and to match messages of type
Acknowledgement/Reset to messages of type Confirmable/Non-confirmable.
• Token : The token value is used to correlate requests and responses.
116
CoAP
• 2 Types of Transmission
– Confirmable : The recipient sends the sender an ACK message with the
same Message ID for the confirmable message.
– Non-Confirmable : A message that does not require reliable
transmission can be sent as a Non-confirmable message.
Client
Server
Client
CON [0x7d34]
NON [0x01a0]
ACK [0x7d34]
Reliable Message Transmission
Server
Unreliable Message Transmission
117
CoAP Architecture
Rest
C
Server
Server
Internet
HTTP
Proxy
C
C
C
CoAP
C
Constrained Environments
11
8
6LoWPAN
119
6LoWPAN
• IPv6 over Low-Power Wireless Personal Area Networks
– N/W Adaptation Layer between IPv6 Protocol & IEEE 802.15.4
– Encapsulation (RFC 4944) and Header Compression (RFC 6282)
– Neighbor Discovery Optimizations (RFC 6775)
HTTP
TCP
RTP
UDP
ICMP
Application
Transport
IP
Network
Ethernet MAC
Data Link
Ethernet PHY
Physical
Application
UDP
IPv6
ICMP
6LoWPAN
IEEE 802.15.4 MAC
IEEE 802.15.4 PHY
120
6LoWPAN
• IPv6 over Low-Power Wireless Personal Area Networks
– Sensor nodes use 6LoWPAN over 802.15.4 to create a mesh network
that is connected to an Ethernet-equipped gateway node.
6LoWPAN Network
Gateway
•
•
•
•
Internet
Communications range : 10 meter
Transfer rate : 250 kbit/s
Frequency bands : 868/915/2450 MHz
MAC Protocol : CSMA/CA
121
Raspberry Pi
& Arduino
122
Raspberry Pi & Arduino (1/4)
• Raspberry Pi
– A series of credit card-sized single-board
computers developed in the United
Kingdom by the Raspberry Pi Foundation
– The Foundation provides Debian and Arch
Linux ARM distributions for download, and
promotes Python as the main programming
language, C, C++, PHP, Java, Perl, Ruby, Squ
eak Smalltalk and more also available.
Ref.[28] https://en.wikipedia.org/wiki/Raspberry_Pi
Raspberry Pi 3 model B
123
Type
Generati
on
SoC
CPU
GPU
Model A
1
1+
Model B
1
1+
Zero
2
3
Broadcom BCM2835
Broadcom
BCM2836
Broadcom
BCM2837
700 MHz single-core ARM
1176JZF-S
900 MHz 32bit quad-core
ARM CortexA7
1.2 GHz 64-bit
quad-core
ARM CortexA53
N/A
Broadco
m
BCM283
5
1 GHzAR
M1176JZ
F-S
singlecore
Broadcom VideoCoreIV @ 250 MHz (BCM2837: 3D part of GPU @ 300 MHz,
video part of GPU @400 MHz)
OpenGL ES 2.0 (BCM2835, BCM2836: 24 GFLOPS / BCM2837: 28.8 GFLOPS)
MPEG-2 and VC-1 (with license), 1080p30 H.264/MPEG-4 AVC high-profile
decoder and encoder(BCM2837: 1080p60)
124
Type
Generati
on
Memory
Onboard
network
Target
price
Model A
1
1+
Model B
1
256 MB
2
512 MB
None
25 US$
1+
20 US$
Zero
3
1 GB
10/100
Mbit/s
Ethernet,
10/100 Mbit/s Ethernet (8P8C)
802.11n
USB adapter on the USB hub
wireless,
Bluetoot
h 4.1
35 US$
25 US$
35 US$
35 US$
N/A
512 MB
None
5 US$
125
• Arduino
– A hardware and software company, project, and
user community that designs and manufactures
computer open-source hardware, open-source
software, and microcontroller-based kits for building
digital devices and interactive objects that can sense
and control physical devices.
– For programming the microcontrollers, the Arduino
project provides an integrated development
environment (IDE) based on a programming
language named Processing, which also supports the
languages C and C++.
Ref.[29] https://en.wikipedia.org/wiki/Arduino
"Arduino Uno" SMD Revision 3
126
Security
Security Vulnerabilities in IoT
• IoT
means that everything can be exploited
• security attack issues (so many)
– Remotely hack a 2014 Jeep Cherokee (www.wired.com)
– A suite of Vulnerabilities in the Tesla Model S
(DefCon hacker conference)
– Disable pacemaker WiFi capability
– Droug infusion pumps
• Stopped selling in 2013(FDA)
Ref.[18] NamHui Kang, “Internet of Things Security-IETF Standard trends”, IETF mirror forum technology workshop
127
Security services in IoT
• Supporting CIA services for communications in IoT
– Standard trends
• IETF : CoAP/DTLS/UDP
– DICE WG : CoAP over DTLS Profile
• OMA LWM2M - CoAP/DTLS/UDP, CoAP/DTLS/SMS
• OASIS : MQTT/TLS/TCP
Ref.[19] NamHui Kang, “Internet of Things Security-IETF standard technology”, Duksung University
128
CoAP over DTLS (1/2)
• DTLS(Datagram Transport Layer Security)
– A tweak to TLS
– Runs over UDP, using UDP to provide end-to-end transport
– Becoming more widely used, e.g. Cisco VPN products
– Allow for retransmission of handshake messages
– Allow out-of-order arrival of messages
Application(CoAP, XML)
Security(DTLS)
Transport(UDP)
Network(IPv6)
PHY/MAC(IEEE 802.15.4)
DTLS in protocol stack
Ref.[20] Kenny Paterson, “TLS and DTLS : A Tale of Two Protocols”, Royal Holloway University, London
Ref.[21] Raj Jain, “Constrained Application Protocol for Internet of Things”
129
130
Introduction
International
Research Network
131
KOREN & KREONET
TEIN4
• Trans-Eurasia Information Network
– Increase direct Internet connectivity for research and education between
Europe and Asia
– Improve intra-regional connectivity within Asia
– Act as a catalyst for the development of national research networking in
the developing countries in the Asia-Pacific region
• Two key elements in networking between Europe and Asia:
– Asian regional infrastructure connecting TEIN4’s Asian partners
– Connectivity between the TEIN4 regional backbone and GÉANT2
Ref.[26] www.tein4.net
118
APAN/TEIN4
Ref.[25] http://www.koren.kr/koren/eng/net/natworkmap.html?cate=3&menu=1
119
KOREN
• KOREN : KOREA Advanced REsearch Network
– A non-profit testbed network infrastructure established for facilitating
research and development and international joint research cooperation.
– provide quality broadband network testbed for domestic and international
research activities to the industry, academia, and research institutions,
enabling testing of future network technologies and supporting R&D on
advanced applications..
– Cooperate with many international research network such as APII, TEIN.
• Advantages of KOREN
– Establishment of high-capacity and high-quality research testbed and
internetworking with international research networks
– Test and verify next generation network application technologies
– Provide infrastructure for validation test(sensors, future networks)
121
KOREN Topology
Ref.[25] http://www.koren.kr/koren/eng/net/natworkmap.html?cate=3&menu=1
122
KREONET
123
- KREONET (Korea Research Environment
Open Network) is a R&D network of Korea
supported by Korean government.
- KREONET member are Currently over 200
organizations (research institutes, universities,
industrial, research laboratories)
- KREONET has 12 regional network centers &
NOC in Daejeon, KISTI
- Major Network Services are IPv4/IPv6 Unicast
Routing, Multicast routing, Lambda networking,
QoS Service, TE..
- Major S&T resource service with KREONET are
National Supercomputing Center
TeraCluster(512CPU)
S&T DB Service
Advanced Experimental Facilities
137
138
Research on IoT/ Cloud
host management
in SDN
Introduction
• Centralized IoT host management is needed
– IoT hosts are connected through autonomous network
– Hart to control one by one because of the diversity and huge number
of the IoT hosts
• SDN based IoT can have:
– Centralized control : enables controller keep global view of network
topology
– Programmability : Easy to combined with other Open source software
and easy to deliver application requirements to network layer just by
SDN control application
139
IoT Host Management System Architecture
• IoT host address management (collection, blocking and translation) using
controller application
140
141
Experiment Environment
• Network Topology
Switch
Controller
Switch
Host
Switch
Host
Host
142
Experiment Environment
• The real testbed equipment
– install Opendaylight controller in PC
– 3 Open vSwitches and 2 hosts are using raspberry pi 3
– Host1 send web streaming to Host2 using webcam
– using webcam
Switch
Switch
Host
Web
Camera
Switch
Host
Host
Test Scenario (1/4)
• Host Address collection
143
Test Scenario (2/4)
• Host bloking
144
145
Test Scenario (3/4)
• Host address translation
- Achieve Host2 request video to Host1, but the requested video will be
sent by Host3 by adding flow entry to corresponding OVSs
OVS
OpenDaylight
OVS
OVS
Host1
Host3
I hope Host 1!
Host2
I sent Host 3…
Test Scenario (4/4)
• Host address translation
146
147
Dynamic QoS Routing
Algorithm in SDN
Introduction
• Rising popularity of multimedia applications with high
requirements , so high and new requirements on QoS routing
other than best effort approach.
• QoS routing requires an awareness of dynamic network status
and application QoS requirement as well.
• Classification flows according to the application QoS
requirements and find the best satisfied path.
148
SDN based Dynamic QoS Routing Framework
149
SDN based QoS Routing Algorithm
150
• Routing algorithm based on two cases
• Feasible path exists
• None feasible path (In traditional QoS routing algorithm, the flow will
be dropped)
• Find the path with best-effort on QoS satisfaction
• In case different flows selects the same path, QoS for data from
higher priority applications will be considered firstly.
• Priority:
- For example: priority VoIP > Video > FTP.
- FTP will be suppressed if other higher priority applications
on the same unfeasible path
907 New Millennium Hall, KU, Seoul, Korea
150
151
Flow Chart of Routing Algorithm
Initially apply
existing routing
Bandwidth-sensitive
Flow statsitic
collection
Flow classification
(bandwidth, delay,
delay/bandwidth sensitive)
filtering
no
Both bandwidth
and delay satisfied?
cost, send the path with
least bandwidth cost
Finding feasible paths
filtering
Bandwidth satisfied?
yes
Find the path with
minimum delay
cost
no
no
Find the path with
minimum
bandwidth cost
ranking
Delay-sensitive
no
yes
ranking Calculate the bandwidth
yes
yes
yes
Delay satisfied?
Find the path with
minimum
bandwidth cost
no
Find the path with
minimum delay
cost
ranking
OSPF
filtering
If none feasible path, find besteffort QoS performance path
Dynamic QoS Routing Algorithm Implementation
• Dynamic QoS Routing algorithm implementation as controller
application
– Will find paths with best QoS performance by flow monitoring
– Different flows have different routing path depending on Application
QoS requirement
- Dynamic QoS Routing Controller Application
- Implementation Environments
152
Experiment Result
• Dynamic QoS routing algorithm application test
– Streaming video from H1 to H2, if current path are lack of available bandwidth
because of network condition changes, then it will automatically send video to
another path which is satisfy the video transmission requirement.
95
Experiment Result
95
155
Mobility Support
in SDN IoT networks
Drawbacks of Existing Mobility Solutions
• Tunneling for each MN
– Between MN/FA and HA (MIPv4) or MAG and LMA (PMIP)
– Result in suboptimal routing
• Signaling overhead
– IP Header encapsulation during tunneling
– Messages: HA discovery, MN registration, Binding Update, etc.
• Scalability issues
– HA traffic congestion if MN too many
– Network entity limitation, FA, HA, MAG, LMA, etc.
• Only support MN with public IP address
156
SDN based mobility
• OpenFlow protocol has not natively support mobility yet
• SDN based mobility
– Centralized control enables controller keep global view of whole network topology
– Reduce overhead for supporting mobility to IoT device
• Propose SDN based mobility mechanism
– SDN based mobility support to IoT device without IP address change
• From basic OpenFlow functions, we can :
– Configure forwarding plane
• according to the requirements of applications and services
– Manipulate Per-flow forwarding through:
• Managing flow tables at OpneFlow Switches(OFS)
• Modifying packet header
• Build GRE tunnel among OFSs
157
SDN-based IP Mobility Support Architecture
• After handover, the first packet from MN is sent to Controller
Process:
①: Packet from MN to CN
②: packet_in message to Controller
③: Authentication between Controller
and MN
④: flow_mod message to distribute
specific flow entries to S1, S2, and S3
S3: Map MN’s IP/Port to S3’s IP/Port
S1: Map S3’s IP/Port back to MN’s
IP/Port S2: Delete MN’s flow entries
⑤: Packets are redirected from S3 to
S1
⑥: S1 translates packet to the original
as from MN
Controller
158
SDN-based IP Mobility Support Architecture
• CN sends packet to MN before Flow Table of S1 updated
Process:
①: Packet from CN to MN
②: S1 sends the packet to MN’s home
network
③: S2 sends packet_in to controller.
Because MN’s flow entries on S2 were
deleted when controller detected new
attach point of MN.
④: Controller sends flow_mod to S1, S2,
and S3 S1: Map MN’s IP/Port to S3’s IP/Port
S3: Map S3’s IP/Port back to MN’s IP/Port S2:
Map MN’s IP/Port to S3’s IP/Port
⑤: Packet is redirected from S2 to S3 ⑥: S3
translates to the original packet as from CN
⑦: Subsequent packets exchange directly
between S1 and S3.
159
Testbed Environment
• Implement the OVS using Raspberry Pi
– Main OVS : Connect to Controller and APs
– OVS AP : Also implement the AP using Raspberry Pi
– IoT Devices : Raspberry Pi
160
Real testbed
• Simulation using Mininet-WiFi
161
16
2
SDN and Cloud based
Forest Fire Detection
System using IoT devices
Introduction
• Collecting Temperature, Illumination and Humidity sensor
data to detect forest fire.
• Once forest fire is detected, turn on the camera
• All sensor data and web streaming will be sent to the DB
server and Web server which is located in OpenStack
• We can see the real-time video streaming and sensor data
online
163
System Design
164
System Implementation Plan
165
166
• Once OVS is burnt out , then reroute.
OVS
OVS
OVS
OVS
Routing Changes
Controller
OVS
OVS
OVS
167
OVS
OVS
OVS
Camera
•
•
Classification
Calculation
168
OpenStack
Server Layer
( Data for Service )
Wired data
Communications
Network Layer
- Wired
( Data Analyses )
Wireless data
Communications
Sensing Layer
- Wireless
( Data Collection )
169
• Sensors
Temperature-humidity sensor
Arduino Uno
Illumination sensor
170
Sensors using Arduino
Illumination sensor
LED sensor
Temperature-humidity sensor
171
• Sensor data
172
Run OVS & AP in Raspberry Pi 3
• Raspberry Pi 3
173
• Network Topology in OpenStack
174
• Web streaming and sensor data
175
Demo
176
Reference
[1] https://www.opennetworking.org/about/onf-overview
[2] http://www.tta.or.kr/index.jsp
[3] http://www.slideshare.net/ireri339/sdndstw-ryu-developing
[4] OpenFlow Specification 1.3, ONF
[5] https://www.openvswitch.org/
[6] http://www.frank-durr.de/?p=75
[7] https://wiki.opendaylight.org/view/Main_Page
[8] http://docs.inocybe.com/dev-guide/content/_opendaylight_controller_md_sal_faqs.html
[9] https://github.com/opendaylight/docs/blob/master/manuals/developer-guide/src/main/asciidoc/controller/md-sal-faq.adoc
[10] HyeonJeong Jang, “Openstack_in_OpenSource”, OpenStack Korea Community, 2015
[11] HyeonJeong Jang, “Billing_for_OpenStack_Solution”, OpenStack Korea Community
[12] Insun Jang and Sangheon Pack, "NFVRG" Technology Trends Updates”, IETF mirror forum technology workshop, 2016
[13] Sungwon Lee, “SDN/NFV foundation, technology evolution and development”, Kyunghee University, 2016
[14] Bhavna Singh, “How Internet of Things(IoT) Are Going To Impact Your Business?”
[15] Younghan Kim, “IoT, Openstack, DevOps”, Soongsil University, 2016
[16] Jaehoon Jeong, “IoTivity:OFC_Open_Source_Project”, KRnet, 2016
[17] John Wiley & Sons, “6LoWPAN: The Wireless Embedded Internet Companion Lecture Slides”
[18] NamHui Kang, “Internet of Things Security-IETF Standard trends”, IETF mirror forum technology workshop, 2015
[19] NamHui Kang, “Internet of Things Security-IETF standard technology”, Duksung University
[20] Kenny Paterson, “TLS and DTLS : A Tale of Two Protocols”, Royal Holloway University, London
177
Reference
[21] Raj Jain, “Constrained Application Protocol for Internet of Things”
[22] Zach Shelby, “Lightweight Device Management for IoT”, http://community.arm.com/groups/internet-of-things/blog/2014/02/24
[23] Suhas Rao et al., “Implementing LWM2M in constrained IoT devices”, ICWiSe, 2015
[24] “CoAP, OMA LWM2M, and IPSO Smart Objects”, ARM, 2014
[25]http://www.koren.kr/koren/eng/net/natworkmap.html?cate=3&menu=1
[26] www.tein4.net
[27] JaeSeok An, “OpenStack”, KRnet, 2016
[28] https://en.wikipedia.org/wiki/Raspberry_Pi
[29] https://en.wikipedia.org/wiki/Arduino
[30] Soohong Daniel Park, Ph.D., “Samsung OpenSource & IETF”, IETF mirror forum technology workshop, 2016
[31] Younghan Kim, “NFV”, Soongsil University, 2016
[32] https://www.opnfv.org/about
[33] https://www.opnfv.org/software
[34] http://opensource.org , Open Source Initiative
[35] SangYun Han, “ONOS SDN Controller”, Kyunghee Univ. MOBILE CONVERGENCE LAB.
[36] OpenFlow Switch Speciifcation version 1.4.0
[37] http://cleanslate.Stanford.edu, The Stanford Clean Slate Program
[38] Srini Seetharaman et al., “OpenFlow/SDN tutorial”, Deutsche Telekom, Silicon Valley Innovation Center
178
179
Thank You!

Software Defined Network for Internet of Things

Transcription

Similar documents

Internet of Things Security Implications v1.4

Why connected?

cataloguefor website

Ghost Man on Third

Luminator X Halogen Auxiliary Spotlight Brief Information

Removable prosthesis stabilisation MIB - MInI IMplant

PDF - Chelsea Textiles

Wallpapers

Diamond Core Bit

Igniting Growth in Consumer Technology

Internet Of Things Lightweight Embedded Security

Man Alive! - Arbery Books

D4.1 – Framework for studying existing IoT testing solutions - probe-it